The Fifth Internet Explorer Security Zone

For those of you that don’t know, Internet Explorer places restrictions on Web content by which security zone a site happens to be in. It classifies these sites into zones, which are preset security profiles in Internet Explorer. The security zones which we have discussed before in earlier articles, are located in Internet Explorer under Tools, Options, Security tab. The four default zones have always been: Internet, Local Intranet, Trusted Sites and Restricted Sites.

With Web browsers becoming increasingly popular as the common interface for many applications, including those that may run locally, professionals began wondering about the security holes this could potentially create. The security hole facts that the default security policy runs for content from local machine iomes is far less restrictive than let’s say, a Web site that falls into the Internet Security Zone. Their worries were substantiated when hackers began to take advantage of the weak security settings placed on the local machine and began writing code that utilized this zone.

There is however, another security zone that was introduced with Service Pack 2 (SP2) to help secure systems from this security oversight. SP2 included a fifth hidden security zone that improved the default security for the local zone. The fifth zone is the My Computer zone and you can make the zone visible, which in turn gives you control over the settings and how your machine reacts to certain content.

To make the My Computer zone visible, you need to perform a quick registry edit by changing the DWORD value of one entry in the XP registry. I will walk you through every step of the procedure of course, but if you don’t feel comfortable working in the Windows registry, you may want to leave this tip alone.

WARNING: ONLY PERFORM THIS NEXT PROCEDURE IF YOU FEEL COMFORTABLE WORKING IN THE WINDOWS REGISTRY!

Note: Before attempting any registry editing, make sure that you create a copy of your registry in case you need to reset the change.

3.) Navigate to the following folder: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

4.) In the zones folder, you should see a number of files in the left windowpane. Scroll down until you see one labeled Flags. When you find it, double click on it and a small window will appear labeled Edit DWORD Value. There is a box in this window with a number in it. This is the DWORD value and the number 21 signifies that the My Computer zone is hidden.

5.) Change the DWORD value to 47. This number tells Windows to go ahead and show the My Computer icon in its security zone. When this is done, select OK and exit.

6.) Reboot your system and then open up Internet Explorer. Select Tools, Internet Options, Security tab and in the zones, you should see the My Computer option.

7.) If you select the My Computer icon and then select the Custom Level button, you will see all the security settings that are now available for the local machine.

Make sure you look over the settings. There may be a few that you want to change to “Prompt” instead of “Enable,” which will stop some active content from just running at will, in turn using the old lax security rules. All in all, it’s just another step you can take to stay in front of the bad guys and help yourself get a little more familiar with how to tighten up your system.